| From: | Asia <asia123321(at)op(dot)pl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Universal certificate for verify-full ssl connection |
| Date: | 2011-05-30 07:58:20 |
| Message-ID: | 33248361-0791d6468966804d41201953aac7997f@pkn7.m5r2.onet |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
I am trying to generate self-signed certificate for full ssl authentication. I need to have universal version of this certificate for development purposes (so any client can connect with any postgresql server with ssl on).
I am using IP while connecting, I mean host=<IP>.
However verify-full connection works only in case "Common Name" in certificate contains only fully qualified IP address, when I try to set CN as * (asterisk) I receive error:
server common name "*" does not match hostname "my_ip"
According to the documentation here : http://www.postgresql.org/docs/current/static/libpq-ssl.html
"If the connection is made using an IP address instead of a host name, the IP address will be matched (without doing any DNS lookups). "
Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ?
Thanks in advance !
Joanna
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2011-05-30 09:02:34 | Re: trigger - dynamic WHERE clause |
| Previous Message | Machiel Richards | 2011-05-30 07:45:30 | determine database and tables from deadlock |